You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.

You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.

But a ticket doesn't work as a deterrent, you'll keep going over the speed limit...
Instead of faxing you a ticket, let's make the police put you in jail, sell your car and ban you from ever being able to buy or own another car, or use a highway.
That will teach you not to go over the speed limit

And how is it supposed to catch the private hacks unless people submit said files? So unless you are submitting said files, you can't really complain since you are not helping to resolve the issue.
Is there even such a thing as a deterring anti-cheat?
Don't think so.

Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.

Check if functions are called from outside the .code section.

VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.

Check if functions are called from outside the .code section.

VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.

Check if functions are called from outside the .code section.

VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

1. VAC already does that
2. VAC does that as well for game code
3. Now you're treading water. A lot of legitimate applications inject code at varying points and you can't just assume out of module execution is cheat code. Besides GetThreadContext can fail due to 3rd party software that is legitimate.
4. See above for concerns.
5. Uh... What? What does outside the .text section have to do with anything?
6. Uh... code execution branches... that's the point you know...
7. Check VAC. They've been doing this since 2006.

So, if you have anything NEW to add to the discussion feel free. VAC can detect some private hacks already because of their did you really think I was going to give it away code. Banning them however requires the hashes to be added to the database and blacklisted. Keep in mind we're talking hashes of individual functions, not entire memory regions.

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

It can't detect private cheats, which the vast majority of cheaters use. If VAC can't ban the majority of cheaters, than it isn't working. Vac doesn't even work as a deterrent, because everyone knows it doesn't catch Private cheats.

I'd just like to say that this is a ridiculous statement. You have no evidence of your claim that most cheaters use privately coded cheats.

VAC does work as a deterrent to those who don't know how to code their own cheats. Everyone knows it doesn't catch private cheats, but that doesn't mean everyone can create their own private cheats.

Without VAC, servers would be full to the brim with "download-and-go" cheats.

There is also the fact that, as several people have mentioned, VAC is not supposed to be the only thing stopping cheaters. Server administrators are supposed to serve as a first line of defense, with VAC preventing them form coming back. MW3 does not use administrators, which means there is no one policing the games and looking for people who might be using hard to find hacks.